How To Install Immich on Rocky Linux 10
Managing personal photos and videos has become increasingly challenging in our digital age. With smartphones capturing countless memories and cloud storage services raising privacy concerns, many users seek alternatives that provide both convenience and control. Immich emerges as a powerful self-hosted solution that combines the functionality of popular cloud services with the security and privacy of local hosting.
Immich is a high-performance, self-hosted photo and video backup solution designed to replace proprietary cloud services like Google Photos or iCloud. Unlike commercial alternatives, Immich offers complete data ownership, unlimited storage capacity (limited only by your hardware), and advanced features including facial recognition, automatic mobile uploads, and intelligent photo organization.
Rocky Linux 10 provides the ideal foundation for hosting Immich due to its enterprise-grade stability, robust security features, and excellent container support. As a community-driven successor to CentOS, Rocky Linux delivers the reliability of Red Hat Enterprise Linux without licensing costs, making it perfect for both personal and professional deployments.
This comprehensive guide targets system administrators, privacy-conscious users, and homelab enthusiasts who want to deploy a production-ready Immich instance. Whether you’re migrating from commercial cloud services or building a new photo management system, this tutorial provides detailed instructions, troubleshooting tips, and optimization strategies to ensure a successful installation.
The installation process involves setting up Docker containers, configuring databases, and optimizing system performance. By following this guide, you’ll create a secure, scalable photo management platform that rivals commercial alternatives while maintaining complete control over your data.
Prerequisites and System Requirements
Hardware Requirements
Minimum system specifications for running Immich on Rocky Linux 10 include 4GB of RAM and 2 CPU cores. However, these minimal requirements may result in slower performance during photo processing and thumbnail generation. For optimal performance, especially when handling large photo libraries or multiple concurrent users, recommended specifications include 6GB of RAM and 4 CPU cores.
Storage considerations play a crucial role in Immich performance. While traditional hard drives work for photo storage, SSD storage significantly improves database performance and reduces photo loading times. Plan for adequate storage space based on your photo collection size, considering that Immich generates thumbnails and previews that require additional space beyond original photo sizes.
Network requirements include a stable internet connection for initial setup and ongoing mobile app synchronization. If you plan to access Immich remotely, ensure your network infrastructure supports the necessary bandwidth for photo uploads and streaming.
Software Prerequisites
Rocky Linux 10 installation should be completed with a fresh, minimal installation preferred to avoid potential conflicts with existing services. The system requires root access or a user account with sudo privileges for installation and configuration tasks.
Basic command-line knowledge is essential for following this guide effectively. Users should be comfortable with text editors like nano or vim, file permissions, and basic system administration tasks. While extensive Linux experience isn’t required, familiarity with package management and service configuration will be beneficial.
Internet connectivity is mandatory for downloading Docker images, Immich components, and system updates. Ensure your Rocky Linux 10 system can reach external repositories and container registries.
Docker Requirements
Immich relies heavily on containerization, making Docker Engine compatibility with Rocky Linux 10 crucial for successful deployment. The installation requires Docker Compose plugin (not the legacy docker-compose Python package) for orchestrating multiple containers effectively.
Container runtime considerations include ensuring adequate resources for multiple services running simultaneously. Immich deploys several containers including the main application, PostgreSQL database, Redis cache, and machine learning services, each requiring dedicated system resources.
Preparing Rocky Linux 10 for Immich Installation
System Updates and Security
Begin by updating your Rocky Linux 10 system to ensure all packages are current and security patches are applied:
sudo dnf update -yInstall essential packages that will be required throughout the installation process:
sudo dnf install -y wget curl nano unzip tarConfigure firewall rules to allow access to Immich’s web interface on port 3000:
sudo firewall-cmd --permanent --add-port=3000/tcp
sudo firewall-cmd --reloadSELinux configuration requires special attention when running Docker containers. While you can set SELinux to permissive mode, it’s more secure to configure appropriate policies:
sudo setsebool -P container_manage_cgroup on
sudo setsebool -P container_use_cgroup_net onDocker Installation on Rocky Linux 10
Remove any existing Docker installations to prevent conflicts:
sudo dnf remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engineAdd the official Docker repository to Rocky Linux 10:
sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repoInstall Docker Engine and related components:
sudo dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-pluginStart and enable Docker service to ensure it runs automatically on system boot:
sudo systemctl start docker
sudo systemctl enable dockerAdd your user to the docker group to run Docker commands without sudo:
sudo usermod -aG docker $USERLog out and log back in for group membership changes to take effect, then verify Docker installation:
docker --version
docker compose versionDocker Compose Verification
Test Docker functionality by running a simple container:
docker run --rm hello-worldVerify Docker Compose plugin is working correctly:
docker compose versionIf you encounter permission issues, ensure your user is properly added to the docker group and restart your session. Common installation issues include firewall conflicts and SELinux policies blocking container operations.
Downloading and Setting Up Immich Files
Creating Project Directory Structure
Create a dedicated directory for Immich installation with appropriate permissions:
sudo mkdir -p /opt/immich
sudo chown $USER:$USER /opt/immich
cd /opt/immichThis directory structure follows Linux Filesystem Hierarchy Standard conventions, placing application files in /opt for optional software packages. Setting proper ownership ensures your user can modify configuration files without requiring root privileges.
Downloading Required Files
Download the official docker-compose.yml file from Immich’s GitHub releases:
wget -O docker-compose.yml https://github.com/immich-app/immich/releases/latest/download/docker-compose.ymlDownload the example environment file:
wget -O .env https://github.com/immich-app/immich/releases/latest/download/example.envVerify file integrity by checking file sizes and content:
ls -la
head -n 20 docker-compose.ymlThe docker-compose.yml file contains service definitions for all Immich components, including the main application server, PostgreSQL database, Redis cache, and machine learning services. Each service is configured with specific resource requirements, network settings, and volume mounts.
File Structure Overview
Understanding the docker-compose.yml structure helps with troubleshooting and customization. The file defines several services:
- immich-server: Main application providing web interface and API
- immich-machine-learning: AI-powered features like facial recognition
- immich-database: PostgreSQL database for metadata storage
- immich-redis: Redis cache for improved performance
The .env file contains environment variables that customize the installation, including database passwords, storage locations, and timezone settings. This separation allows easy configuration changes without modifying the main compose file.
Configuration and Environment Setup
Environment Variables Configuration
Open the .env file for editing with your preferred text editor:
nano .envCritical variables requiring customization include:
UPLOAD_LOCATION defines where uploaded photos and videos are stored:
UPLOAD_LOCATION=/opt/immich/uploadDB_DATA_LOCATION specifies the PostgreSQL database storage path:
DB_DATA_LOCATION=/opt/immich/databaseSet a strong database password for security:
DB_PASSWORD=your_secure_password_hereConfigure timezone to ensure accurate timestamp handling:
TZ=America/New_YorkPin the Immich version for stability and predictable updates:
IMMICH_VERSION=releaseStorage Configuration
Create storage directories with appropriate permissions:
mkdir -p /opt/immich/upload /opt/immich/database
sudo chown -R 1001:1001 /opt/immich/upload
sudo chown -R 999:999 /opt/immich/databaseThese ownership settings match the user IDs used within the Docker containers. The upload directory stores your actual photos and videos, while the database directory contains PostgreSQL data files.
Consider filesystem optimization for better performance. EXT4 works well for most installations, while ZFS provides advanced features like snapshots and compression. For large photo libraries, consider using a dedicated storage mount point.
Advanced Configuration Options
PostgreSQL memory allocation can be optimized based on available system RAM:
# Add to .env file
DB_SHARED_PRELOAD_LIBRARIES=pg_stat_statements
DB_MAX_CONNECTIONS=100
DB_SHARED_BUFFERS=256MBRedis configuration for improved caching performance:
# Add to .env file
REDIS_MAXMEMORY=512mb
REDIS_MAXMEMORY_POLICY=allkeys-lruMachine learning service optimization affects facial recognition and object detection performance:
# Add to .env file
IMMICH_MACHINE_LEARNING_WORKERS=2
IMMICH_MACHINE_LEARNING_WORKER_TIMEOUT=120Security Hardening
Generate strong passwords using system tools:
openssl rand -base64 32Configure secure file permissions to protect sensitive configuration:
chmod 600 .env
chmod 644 docker-compose.ymlConsider implementing SSL/TLS termination using a reverse proxy like nginx or Traefik for production deployments. This provides encrypted connections and can handle multiple services on standard ports.
Installation and Container Deployment
Initial Container Deployment
Start Immich services using Docker Compose:
docker compose up -dThe -d flag runs containers in detached mode, allowing them to run in the background. This command downloads required Docker images and starts all services defined in the compose file.
Monitor container startup progress:
docker compose psCheck container logs for any startup errors:
docker compose logs -f immich-server
docker compose logs -f immich-databaseThe startup process involves initializing the PostgreSQL database, running database migrations, and starting the web application. This process typically takes 2-3 minutes on modern hardware.
Verifying Installation Success
Check running containers to ensure all services are operational:
docker psYou should see containers for immich-server, immich-machine-learning, postgres, and redis all in “Up” status.
Monitor resource usage to identify potential performance issues:
docker statsTest network connectivity to ensure services can communicate:
docker compose exec immich-server ping immich-database
docker compose exec immich-server ping immich-redisFirst-Time Access
Access the web interface by opening your browser and navigating to:
http://your-server-ip:3000Replace your-server-ip with your Rocky Linux 10 server’s IP address. If accessing locally, use localhost or 127.0.0.1.
Create the first admin user account by filling out the registration form with:
- Email address (used for login)
- Password (use a strong, unique password)
- First and last name
Complete the initial setup wizard which guides you through basic configuration options including:
- Default photo quality settings
- Mobile app setup instructions
- User management preferences
Post-Installation Configuration and Optimization
User Management and Access Control
Create additional user accounts through the web interface by navigating to Administration > Users > Create User. Each user can have individual storage quotas and access permissions.
Configure user permissions to control access to shared albums and administrative functions. Regular users can manage their own photos, while administrators have full system access.
Set up shared libraries to allow multiple users to access common photo collections. This feature is particularly useful for family deployments or team environments.
Mobile App Configuration
Download the Immich mobile app from your device’s app store (available for iOS and Android). The app provides automatic photo backup similar to Google Photos.
Configure server connection by entering:
- Server URL:
http://your-server-ip:3000 - Login credentials created during initial setup
Set up automatic photo uploads by configuring:
- Background upload preferences
- Wi-Fi only upload option
- Original quality vs. compressed upload settings
- Folder exclusions for screenshots or downloads
Configure backup schedules to balance storage usage with backup frequency. Consider enabling automatic upload only when charging to preserve battery life.
System Optimization
Configure automatic container restarts to ensure services recover from failures:
# Add to docker-compose.yml under each service
restart: unless-stoppedSet up log rotation to prevent disk space issues:
# Configure Docker daemon logging
sudo nano /etc/docker/daemon.jsonAdd the following configuration:
{
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
}
}Monitor disk usage and implement cleanup procedures:
# Check storage usage
df -h /opt/immich/
du -sh /opt/immich/upload/Performance tuning for database optimization:
# Add to docker-compose.yml environment for database
POSTGRES_SHARED_PRELOAD_LIBRARIES: pg_stat_statements
POSTGRES_MAX_CONNECTIONS: 200
POSTGRES_SHARED_BUFFERS: 256MBBackup and Maintenance
Set up automated database backups using cron jobs:
# Create backup script
cat > /opt/immich/backup.sh << 'EOF' #!/bin/bash BACKUP_DIR="/opt/immich/backups" DATE=$(date +%Y%m%d_%H%M%S) mkdir -p $BACKUP_DIR docker compose exec -T immich-database pg_dump -U postgres immich > "$BACKUP_DIR/immich_$DATE.sql"
find $BACKUP_DIR -name "*.sql" -mtime +7 -delete
EOF
chmod +x /opt/immich/backup.shConfigure photo library backup procedures for disaster recovery:
# Sync photos to external storage
rsync -av /opt/immich/upload/ /backup/location/immich-photos/Create maintenance scripts for updates and system health checks:
cat > /opt/immich/update.sh << 'EOF'
#!/bin/bash
cd /opt/immich
docker compose pull
docker compose up -d
docker image prune -f
EOF
chmod +x /opt/immich/update.shTroubleshooting Common Issues
Container Startup Problems
Docker daemon issues often prevent containers from starting:
# Check Docker service status
sudo systemctl status docker
# Restart Docker service
sudo systemctl restart dockerPort conflicts occur when port 3000 is already in use:
# Check what's using port 3000
sudo netstat -tulpn | grep :3000
# Modify docker-compose.yml to use different port
# Change "3000:3000" to "3001:3000"Permission-related errors commonly affect storage directories:
# Fix upload directory permissions
sudo chown -R 1001:1001 /opt/immich/upload
sudo chmod -R 755 /opt/immich/uploadDatabase connection failures may indicate PostgreSQL startup issues:
# Check database logs
docker compose logs immich-database
# Verify database data directory permissions
sudo chown -R 999:999 /opt/immich/databasePerformance Issues
Memory bottlenecks affect photo processing and thumbnail generation:
# Monitor memory usage
free -h
docker stats --no-stream
# Increase swap space if needed
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfileDatabase performance optimization improves overall system responsiveness:
# Add to .env file
DB_SHARED_BUFFERS=512MB
DB_EFFECTIVE_CACHE_SIZE=1GB
DB_RANDOM_PAGE_COST=1.1Slow photo uploads may indicate network or storage issues:
# Test upload speed
docker compose exec immich-server df -h
iostat -x 1
# Optimize storage mount options
# Add to /etc/fstab: noatime,nodiratimeNetwork and Access Issues
Firewall configuration problems prevent web interface access:
# Check firewall status
sudo firewall-cmd --list-all
# Add rule for Immich port
sudo firewall-cmd --permanent --add-port=3000/tcp
sudo firewall-cmd --reloadSELinux policy conflicts may block container operations:
# Check SELinux status
sestatus
# View SELinux denials
sudo sealert -a /var/log/audit/audit.logDNS resolution issues affect external connectivity:
# Test DNS from within container
docker compose exec immich-server nslookup google.com
# Configure custom DNS in docker-compose.yml
dns:
- 8.8.8.8
- 1.1.1.1Security Best Practices and Maintenance
Security Hardening
Implement reverse proxy with SSL/TLS for production deployments:
# Install nginx
sudo dnf install -y nginx
# Configure SSL certificate with Let's Encrypt
sudo dnf install -y certbot python3-certbot-nginx
sudo certbot --nginx -d your-domain.comConfigure fail2ban for brute force protection:
sudo dnf install -y fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2banSet up VPN access for secure remote connections:
# Install OpenVPN or WireGuard
sudo dnf install -y openvpn easy-rsaRegular security updates maintain system integrity:
# Create update script
cat > /opt/immich/security-update.sh << 'EOF'
#!/bin/bash
sudo dnf update -y
docker compose pull
docker compose up -d
EOFMonitoring and Maintenance
Set up log monitoring using system tools:
# Monitor Immich logs
journalctl -u docker -f | grep immich
# Set up logrotate for container logs
sudo nano /etc/logrotate.d/docker-containersImplement automated backup verification to ensure data integrity:
# Test backup restoration
docker compose exec immich-database psql -U postgres -d immich -c "SELECT version();"Create update procedures for Immich version management:
# Pin specific version in .env
IMMICH_VERSION=v1.91.4
# Update process
docker compose pull
docker compose up -dCongratulations! You have successfully installed Immich. Thanks for using this tutorial for installing the Immich on your Rocky Linux 10 system. For additional help or useful information, we recommend you check the official Immich website.
